IT system leaves GP practices in the dark about who can access records

Written by Rebecca Hill on 8 March 2017 in News

News

GP practices may be inadvertently breaking data protection rules due to a record-sharing feature in a widely-used IT system, it has been reported.

Up to 3,000 practices could be affected - Photo credit: PA

According to the GP trade title Pulse, some 2,700 practices using the TPP SystmOne system could be unaware that they are in breach of data protection legislation.

The IT system has a record-sharing feature that aims to give hospitals, care homes and community services access to GP records and let them record their own notes.

However, the TPP SystmOne does not automatically restrict access to these records to organisations that provide the GP practice in question with services, such as out-of-hours care.

This means that any authorised user of TPP SystmOne at an organisation that uses the system could technically access at least some of patients’ records, which Pulse said was causing practices who are using the system being in breach of data protection regulations, as they cannot say who has accessed patient records.

Related content

Guidance from TPP sets out a process that practices can run on a patient-by-patient basis to see which staff members have accessed patient records within the practice – but this can only provide information on which organisations have access to the data – not the individuals.

Both NHS Digital the UK’s data protection watchdog the Information Commissioner’s Office confirmed to PublicTechnology that they were aware of the potential issue and were working together, alongside TPP, to resolve it.

An ICO spokeperson said: “We do have data protection compliance concerns about SystmOne’s enhanced data sharing function. These concerns are centred on the fair and lawful processing of patient data on the system and ensuring adequate security of the patient data on the system.”

The spokesperson added: “We have made these clear to TPP and NHS Digital and we are in discussions with them about how these are resolved.”

TPP published updated guidance on its online systems at the end of February, which indicated that it was trying to fix the issue. This said that TPP would be “making amendments to the record audit” functions to allow patients to see every organisation that has accessed the information recorded in the system.

This document also states that practices do not need to turn off sharing for patient records, and that changing the sharing preferences to prevent organisations from seeing data that is currently visible to them “has clinical safety implications”.

The campaign group MedConfidential welcomed the move by TPP to update the system so that patients could see who has accessed the information in their records - but added that such errors demonstrate “why patients must be able to see by which organisations their GP records have been accessed”.

The group said that failures like this would happen again until the government committed to “ensuring that every patient in the NHS can see how their data is used”.

It said: “TPP has now committed to telling patients how their data is used… what about everyone else?”

The government’s response to the Caldicott review into patient data and consent – which reported in the summer last year – is expected to address such concerns and is due for publication soon.